Online Collaboration Security

⚠️ 𝗖𝗼𝘃𝗲𝗿𝘁 𝗮𝗰𝗰𝗲𝘀𝘀, 𝗽𝗲𝗿𝘀𝗶𝘀𝘁𝗲𝗻𝗰𝗲 𝗮𝗻𝗱 𝗶𝗻𝘁𝗲𝗹 𝗰𝗼𝗹𝗹𝗲𝗰𝘁𝗶𝗼𝗻: A recently disclosed zero-day in TrueConf, a video conferencing solution, was actively exploited for cyber espionage (UAT9686).  • 𝟬-𝗱𝗮𝘆 𝗲𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻: Attackers operated before patches or detections existed. TTE is getting shorter and shorter.  • 𝗧𝗿𝘂𝘀𝘁𝗲𝗱 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗮𝗯𝘂𝘀𝗲: Leveraging a legitimate video platform to bypass suspicion  • 𝗦𝘁𝗲𝗮𝗹𝘁𝗵 𝗼𝘃𝗲𝗿 𝗻𝗼𝗶𝘀𝗲: Focus on espionage, not disruption  • 𝗛𝗶𝗴𝗵-𝘃𝗮𝗹𝘂𝗲 𝘁𝗮𝗿𝗴𝗲𝘁𝗶𝗻𝗴: Likely aimed at sensitive environments where communications = intelligence This aligns with a broader trend: 👉 𝗔𝘁𝘁𝗮𝗰𝗸𝗲𝗿𝘀 𝗮𝗿𝗲 𝘀𝗵𝗶𝗳𝘁𝗶𝗻𝗴 𝗳𝗿𝗼𝗺 “𝗯𝗿𝗲𝗮𝗸𝗶𝗻𝗴 𝘀𝘆𝘀𝘁𝗲𝗺𝘀” 𝘁𝗼 𝗹𝗶𝘃𝗶𝗻𝗴 𝗶𝗻𝘀𝗶𝗱𝗲 𝘁𝗿𝘂𝘀𝘁𝗲𝗱 𝘀𝘆𝘀𝘁𝗲𝗺𝘀 This is why "Assume Breach" model is so important, it shifts your thinking to every layer of your controls and think about blast radius, not just inside vs outside. There is no absolute in security (ahem). This isn’t solved with just patching (which we need to do). It requires a mindset shift. 1) 𝗧𝗿𝗲𝗮𝘁 𝗰𝗼𝗹𝗹𝗮𝗯𝗼𝗿𝗮𝘁𝗶𝗼𝗻 𝘁𝗼𝗼𝗹𝘀 𝗮𝘀 𝗰𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗶𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 They should be monitored, hardened, and governed, not just “installed and used.” 2) 𝗘𝘅𝘁𝗲𝗻𝗱 𝘃𝗶𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝘆 𝗶𝗻𝘁𝗼 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗯𝗲𝗵𝗮𝘃𝗶𝗼𝗿 Don’t just monitor endpoints, monitor how applications behave: Unusual connections Unexpected data flows Abnormal usage patterns 3) 𝗥𝗲𝗱𝘂𝗰𝗲 𝗶𝗺𝗽𝗹𝗶𝗰𝗶𝘁 𝘁𝗿𝘂𝘀𝘁 Seriously consider Zero Trust principles: Least privilege for apps Segmentation of communication systems Strong identity and session controls 4) 𝗔𝗰𝗰𝗲𝗹𝗲𝗿𝗮𝘁𝗲 𝗽𝗮𝘁𝗰𝗵 + 𝗲𝘅𝗽𝗼𝘀𝘂𝗿𝗲 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 Zero-days will happen. Time-to-exploit is so short now, that we can't afford to fall behind. MTTD and MTTA is crucial. 5) 𝗜𝗻𝘃𝗲𝗻𝘁𝗼𝗿𝘆 𝘄𝗵𝗮𝘁 𝘆𝗼𝘂 𝗱𝗼𝗻’𝘁 𝘁𝗵𝗶𝗻𝗸 𝗮𝗯𝗼𝘂𝘁 Ask yourself: What communication tools are running in our environment that we are not actively securing? We are being watched, and often not by the right people. Hitachi Cyber #CyberSecurity #ZeroDay #ThreatIntelligence #CyberEspionage #ZeroTrust #OTSecurity #RiskManagement https://lnkd.in/gM9M3pcF

🚨 "I Accidentally Made Our Financial Report Public" – Don't Be That Person You've built incredible insights. Now comes the scary part: sharing them securely. One wrong click on "Publish to Web" and your confidential data becomes searchable on Google. Let's make sure that never happens to you. Why Secure Sharing Isn't Optional: Trust is fragile. One data breach, one unauthorized access, one accidental exposure – and months of credibility vanish instantly. Secure sharing isn't just IT compliance; it's career protection. 📊 Your Sharing Arsenal (Choose Wisely): 1. Direct Share: Quick email or link distribution - Best for: Small teams, single reports - Watch out: Carefully set Viewer vs Editor permissions 2. Workspaces: Collaborative environments with granular control - Best for: Ongoing projects, team collaboration - Power move: Assign Admin/Contributor/Viewer roles strategically 3. Apps: Polished packages of dashboards and reports - Best for: Large-scale stakeholder distribution - Game-changer: Users consume insights without editing chaos 4. Teams/SharePoint Integration: Seamless collaboration within existing workflows - Best for: Organizations already living in Microsoft 365 🔒 The Security Layers That Matter: - Row-Level Security (RLS): Regional managers see only their region, sales reps only their accounts – automatic personalization without building multiple reports. - Sensitivity Labels: Mark reports as "Confidential" or "Internal Only" for clear data classification. - Regular Audits: Monitor who accessed what, when. Spot unusual patterns before they become problems. ⚠️ The Critical Don'ts: ❌ Never use "Publish to Web" for anything remotely sensitive ❌ Don't give Editor access when Viewer is sufficient ❌ Avoid sharing datasets directly – share reports instead 🚀 Pro Configuration: Combine RLS + Apps + Workspaces for the ultimate secure sharing trifecta. One app per department ensures structured, controlled distribution that scales. Fast sharing is easy. Secure sharing requires strategy. The five minutes you spend setting proper permissions saves you from career-defining mistakes. The Trust Equation: Great insights + Secure delivery = Stakeholder confidence + Your reputation protected Tags : Shashank Singh 🇮🇳 | Pradeep M | Dhaval Patel | Hemanand Vadivel | Saddam Ansari | Codebasics | Indian Data Club | Munna Das | Tejas Rane | Tajamul Khan #PowerBI #DataSecurity #SecureSharing #BusinessIntelligence #DataGovernance #Compliance #Enterprise #InfoSec #DataProtection

Most of us assume that if we’ve paid for Microsoft Defender for Office 365, our people are covered wherever they work. It turns out that's not always true. When someone from your organization joins another company’s Microsoft Teams tenant as a guest, they can quickly step outside your Defender protection and into whatever security (or lack of) the other tenant has in place. As cross-company chat and guest access become part of everyday work, this blind spot turns into risk for both security and compliance teams. The research walks through how an attacker can spin up a cheap Microsoft 365 tenant without Defender, loosen the default safeguards, and then invite your users in as “guests.” Those invite emails are sent by Microsoft itself, so they pass SPF, DKIM, and DMARC and look completely legitimate. Once a user clicks Accept, any phishing links, malicious files, or social engineering can happen inside that external tenant. Your SOC can’t see it, your policies don’t apply, and the user still feels like they’re “just using Teams like normal.” The answer isn’t to shut down collaboration, but to design it on purpose. That means tightening B2B collaboration to trusted domains, using cross-tenant access controls, limiting external Teams access where it’s not needed, and coaching people to slow down on unexpected Teams invites. As we layer more collaboration and AI on top of Microsoft 365, knowing exactly where your security boundary stops is just as important as the tools you’ve bought. #MicrosoftTeams #CyberSecurity #Microsoft365 #ModernWorkMindset

I want to make you aware of a new enhancement we’ve rolled out for Microsoft Teams: Moderated Meetings with Information Barriers. This is a big deal for organizations that need to enforce strict compliance or ethical walls but still want to enable collaboration when the situation calls for it. Here’s a real world example: Imagine you work at a global bank. Your investment banking and retail banking teams are separated by information barriers due to regulatory requirements. Normally, these two groups cannot communicate directly. But let’s say you need to run an all-hands town hall or a company-wide training session. With this new feature, you can hold a meeting that brings everyone together because a designated compliance officer acts as a moderator. The session stays compliant, and you do not have to sacrifice communication or alignment across the company. This means: • Teams or individuals separated by compliance requirements can join the same meeting when a moderator is present • Scenarios like town halls, onboarding, or cross-segment updates are now possible without compromising policy • Compliance and IT admins have more control and flexibility, with security front and center If your organization has been looking for ways to enable collaboration while staying within strict regulatory boundaries, this is for you. You can read all the details here: https://lnkd.in/gp-5frsu Would love to hear your thoughts or questions. Let’s keep raising the bar for secure, compliant collaboration.

Here’s the security dilemma many teams face: we block file sharing in external Teams chats to protect data, and within a week users are emailing attachments to get work done. The data leaves our tenant forever. We've traded a controlled risk for an uncontrolled one. This is a fundamental security challenge: the gap between what policy intends and what people actually do when policy gets in the way. That's why I'm excited about what we just shipped at eSHARE. Trusted Sharing for Microsoft Teams Chat lets users paste an M365 link into any Teams chat with external participants, and eSHARE instantly wraps it in a Trusted Share. The file never leaves our tenant. Access governance is enforced automatically. And the user never leaves their flow of work. No new app. No extra steps. No reason to fall back to email. Below is a quick demo showing how it works. What I love about this from a trust and governance standpoint: it doesn't ask users to choose between doing their job and following policy. It removes that choice entirely. IT gets to say yes to external collaboration in Teams without compromising on control. Guardrails, not barriers. That's the philosophy. This is what it looks like in practice. #TrustedCollaboration #MicrosoftTeams #DataGovernance #ExternalCollaboration #ZeroTrust

🔐 Are you really collaborating securely in Microsoft 365? Too many orgs confuse collaboration with convenience - and end up paying the price. 📉 Oversharing files 🚨 Guest users with overbroad permissions 🤖 Copilot extensions running unchecked 💣 Shadow IT from self-service app installs 💬 Anonymous Teams chat from fake trial tenants If you're using Microsoft 365, you could be exposing sensitive data right now - without knowing it. 👇 That’s why I built this 15-slide carousel packed with expert-level, actionable guidance to lock down your digital collaboration environment -without destroying productivity. 🛡️ What you'll get in the carousel: - The #1 setting you should change today for Microsoft Entra guest access - Why public M365 Groups can quietly wreck your data strategy - How to shut down Copilot plugin sprawl before it starts - Easy wins like defaulting OneDrive links to "Specific people" - Smart controls for Power Platform tenant isolation …plus 10 more secure-by-default collaboration tips. 🔗 Want the deep dive? Read the full blog post with references and Microsoft Learn links here: 👉 https://lnkd.in/et5MeeC2 💬 Seen these risks in your org? Let’s discuss in the comments. 🔁 Share this with a fellow exec or cybersecurity lead - because collaboration should never come at the cost of control. #CyberSecurity #Microsoft365 #DataStrategy #CopilotSecurity #MicrosoftPurview #CloudSecurity #CTO #CIO #CISO #DigitalTransformation #InformationSecurity #MicrosoftEntra #M365Admin #ShadowIT #ITStrategy #ZeroTrust #SecureByDesign #CopilotReadiness #MicrosoftTeams #SharePointOnline #OneDriveforBusiness

Is your CISO concerned about the security of your collaboration tool chats? Here's why they should be. Statistically speaking, secrets exposed in Slack, Teams, Confluence, and Jira often pose a greater risk than those found in source codes. In 2023 alone, over 12 million hard-coded secrets were publicly exposed on GitHub. To effectively protect against credential leaks, CISOs must broaden their focus beyond source code and include collaboration tools in their secrets detection strategies. Below are 6 critical steps to ensure robust protection within these platforms. 1. Implement real-time scanning of your collaboration tools to detect secrets the moment they are shared. 2. Verify if the detected secrets are still active and valid within their source. 3. Promptly revoke and rotate any compromised secrets to mitigate risk. 4. Educate your team on the importance of secret management and the dangers of sharing sensitive information through collaboration tools. 5. Utilize Privileged Access Management (PAM) systems to securely share secrets. 6. Perform regular audits of your collaboration tools to uncover and address any remaining exposed secrets. #collaboration #efficiency #PAM #Accessmanagement #secrets #cybersecurity #cyberawareness #CISOlife #stayvigilant

NEW: Microsoft Teams will enable messaging safety features by default! Microsoft is improving messaging security in Microsoft Teams by enabling key safety protections by default. This update helps safeguard users from malicious content and provides options to report incorrect detections, reducing risk and improving collaboration security. 𝐖𝐡𝐞𝐧 𝐭𝐡𝐢𝐬 𝐰𝐢𝐥𝐥 𝐡𝐚𝐩𝐩𝐞𝐧: Starting January 12, 2026. 𝐖𝐡𝐨 𝐢𝐬 𝐚𝐟𝐟𝐞𝐜𝐭𝐞𝐝: Tenants that have not previously modified messaging safety settings and are still using the default configuration. 𝐖𝐡𝐚𝐭 𝐰𝐢𝐥𝐥 𝐡𝐚𝐩𝐩𝐞𝐧: The following settings in Teams admin center Messaging Settings will be turned ON by default: - Weaponizable file type protection - Malicious URL protection - Report incorrect security detections 𝐄𝐧𝐝 𝐮𝐬𝐞𝐫𝐬 𝐦𝐚𝐲: - See warning labels on messages containing malicious URLs. - Have the option to report false positives. - Experience blocked messages if they contain weaponizable file types. - If you have already customized and saved these settings, your preferences will remain unchanged. 𝐖𝐡𝐚𝐭 𝐲𝐨𝐮 𝐜𝐚𝐧 𝐝𝐨 𝐭𝐨 𝐩𝐫𝐞𝐩𝐚𝐫𝐞: - Review current values for these settings in Teams admin center > Messaging > Messaging settings > Messaging safety. - If you do not want the new defaults to apply, adjust settings and click Save before January 12, 2026. - Communicate this change to helpdesk staff and update internal documentation if necessary. Learn more: https://lnkd.in/eyvCya4t https://lnkd.in/eUb7GZ8a https://lnkd.in/ehqQtH9k #Microsoft365 #Teams #Cybersecurity

🔥🔥Calling all Teams users - We are noting an alarming increase in incidents where private recordings from online collaboration platforms like Microsoft Teams and Zoom are being hacked and sold on the dark web (see attached example). This is not only a serious breach of privacy but it also shines a light on the vulnerabilities embedded in our most trusted digital communication tools. Think about the nature of these conversations; more often than not, these discussions include information and data which - if made available - could cause significant damage to an organization’s reputation, image, operations…and so much more. So, how the heck are hackers gaining access to these recordings? Are they joining sessions incognito, hoping to snatch and grab our corporate secrets? Hackers employ a variety of tools and methods, some - more sophisticated than others, but nothing so outrageously complex that the average person couldn’t easily be taught to do the same. That said, here’s a few to consider: 1. Compromised Account Credentials: Hackers gain access to user accounts and stored recordings through stolen login details. 2. Social Engineering - Social engineering tactics can effectively manipulate users into unintentionally revealing sensitive information like calendar details and project data. This inadvertently gathered information can be pieced together by hackers to create a comprehensive profile for exploitation purposes. 3. Unsecured Personal Devices: Inadequately protected devices become easy targets for hackers seeking access to sensitive data. 4. Lack of Encryption: Communications that are not fully encrypted can be intercepted by hackers. 5. Improperly Configured Privacy Settings: Users may unknowingly share or store recordings in ways that make them accessible to unauthorized individuals due to incorrectly set privacy configurations. To counter these threats, several steps can be taken: 1. Restrict External Communications: Limit the ability of external tenants to contact employees through Teams where it's not necessary. 2. Implement Trusted Domain Allow-Lists: Use allow-lists for domains you trust to minimize the risk of unauthorized access. 3. Educate and Raise Awareness: Staff awareness about the potential misuse of platforms like Teams for social engineering attacks is essential. 4. Regular Software Updates: Keeping your software updated is critical to patch known vulnerabilities. 5. Vigilance in Monitoring Activities: Be alert to unusual activities, particularly those originating from external sources. Pay attention to alerts and advisories indicating vulnerabilities. Yes, these communication tools are essential to our business operations, but they are not without RISK. As we continue to rely on these platforms for our daily interactions, understanding these vulnerabilities and taking proactive steps to safeguard our digital environments is crucial.

🚀 Secure Your Microsoft 365 Applications & Emails with Best Practices 🔐 If you’ve been following my Monday Zero Trust Requirements series, we’ve already covered the first three core elements: Identity, Data, and Endpoint Security. Now, it’s time for the fourth and final pillar—Application (Emails) Security. Applications and emails are among the most exploited entry points for cyberattacks. As before, I have followed industry best practices and security requirements, aligning with ISO 27001, CIS, NIST, and Microsoft security baselines, to help organizations secure their applications, detect threats, and enhance email protection. 🔹 1️⃣ Application Access & Governance 🛑 Prevent unauthorized third-party app access, enforce governance policies, and restrict external sharing to reduce security risks. 🔹 Misconfigured application access can lead to data leaks and account takeovers. 🔹 2️⃣ Application Threat Detection & Anomaly Monitoring 🔒 Proactively detect risky OAuth apps, investigate application threats, and monitor security anomalies to prevent account compromise. 🔹 Anomalous app behavior can indicate a compromised account—monitoring is key. 🔹 3️⃣ Email Security & Exchange Online Protection 📧 Apply spam filtering, disable unauthorized email forwarding, and enforce anti-phishing policies to strengthen email security. 🔹 Attackers exploit email as a primary attack vector—protect your inbox. 🔹 4️⃣ Advanced Email Security & Compliance ✉️ Enforce SPF, DKIM, and DMARC, deploy spam policies, and secure email encryption to prevent phishing and email fraud. 🔹 Email authentication is essential to block spoofing and impersonation attacks. 🔹 5️⃣ Microsoft Teams & Collaboration Security 🔗 Restrict app usage, manage privileged mailbox access, and apply security controls for priority accounts in Teams. 🔹 Collaboration without security controls can expose sensitive information. 🔹 6️⃣ Cloud Security & App Monitoring 📡 Monitor cloud app activity, enforce encryption, and centralize security logging to detect and respond to security incidents. 🔹 Visibility into cloud apps helps prevent shadow IT and compliance violations. 🔹 7️⃣ Compliance & Incident Response 🛡️ Automate compliance reporting, secure audit logs, and enforce application discovery policies to strengthen governance. 🔹 Proactive security and compliance reduce the risk of regulatory violations. 📌 Why This Matters? ✅ Applications & emails are prime targets for cyberattacks—hardening security controls is critical. ✅ Following security benchmarks like CIS, NIST, and Microsoft Security Baselines ensures a structured security approach. ✅ Microsoft Defender for Office 365, Microsoft Purview, and Defender for Cloud Apps provide the tools to enforce these protections. 📥 Download the Microsoft 365 Application & Email Security Requirements PDF! #MicrosoftSecurity #EmailSecurity #ApplicationSecurity #ZeroTrust #CyberSecurity